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In re application of: 
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For: Classification Engine in a 

Cryptography Acceleration Chip 

Arguments to Accompany the Pre- Appeal Brief Request for Review 



Applicants hereby submit the following Arguments, in five (5) or less total 
pages, as attachment to the Pre- Appeal Brief Request for Review Form (PTO/SB/33). 
A Notice of Appeal is concurrently filed. 



Applicants' arguments in the Amendment and Reply under 37 C.F.R. § 1.1 1 1 
filed on July 23, 2008 (hereinafter "Reply"), were not properly considered or 
responded to by the Examiner in the final Office Action mailed October 24, 2008 
(hereinafter the "Final Office Action"). In the Final Office Action, independent 
claims 46 and 64 were rejected under 35 U.S.C. § 103 as being allegedly unpatentable 
over Feiken, et al, U.S. Patent No. 5,870,479 (Feiken) in view of Ellis, U.S. Patent 
No. 6,484,257 (Ellis). The Examiner's response was legally and factually deficient 
because the Examiner failed to show that the cited references taught each and every 
feature of independent claims 46 and 64. 

The combination of Feiken and Ellis fails to teach or suggest "a classification 
module in the device that determines security association information associated with 
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each data packet in a plurality of data packets associated with a data flow between a 

source and destination, wherein the classification module is configured to determine 

the security association information for the plurality of data packets simultaneously, fl 

as recited in independent claim 46. The combination of Feiken and Ellis further fails 

to teach or suggest "receiving, in the device, at least a portion of a header for each 

data packet in a plurality of data packets associated with a data flow between a source 

and destination; simultaneously determining security association information 

associated with each data packet in the plurality of data packets in the data flow," as 

recited in independent claim 64. 

In contrast, Feiken describes an identification unit that processes data packet 
headers in sequence. In Feiken, a "data packet which enters the device 1 is first 
temporarily stored in the buffer 10. During this time, the header of the packet is 
copied to the identification unit 14, where the channel (in the case of ATM, the virtual 
channel or the virtual path) of the data packet is determined." (Feiken, col. 3, line 66 - 
col. 4, line 3.) Using this identification, the control unit "activates the other sections 
of the device." (Feiken, col. 4, lines 3-7.) In Feiken, "the buffer 10 is instructed to 
release the data packet concerned, while the memory 13 is instructed to place the 
information belonging to said channel (for example, the key and the status of the 
encrypting/decrypting procedure, and optionally the software of a processing) on the 
bus 15." (Feiken, col. 4, lines 8-14.) 

The Examiner states that because "Feiken et al discloses each processing unit 
may have its own buffer (see column 4, lines 21-25) and since different channels can 
be used to assign data packets, it is clear to one of ordinary skill in the art that that the 
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control means could assign data packets to more than one channel in parallel (see 

column 4, lines 25-48)." (Office Action, p. 4.) The Examiner offers no documentary 

evidence to support the assertion that because multiple processing units have their 

own buffers, it would be obvious that the identification unit determines security 

association information for a plurality of data packets simultaneously. 

Such official notice unsupported by documentary evidence should only be 
taken by the examiner where the facts asserted to be well-known, or to be common 
knowledge in the art are capable of instant and unquestionable demonstration as being 
well-known. As noted by the court in In re Ahlert, the notice of facts beyond the 
record which may be taken by the examiner must be "capable of such instant and 
unquestionable demonstration as to defy dispute." See M.P.E.P §2144.03 citing In re 
AhlerU 424 F.2d 1088, 1091 (CCPA 1970). The simultaneous classification of 
packets is not a fact that is capable of instant and unquestionable demonstration as 
being well-known. Feiken does not teach or suggest any architecture or modifications 
to the identification unit that would allow for the simultaneous classification of a 
plurality of packets. 

Ellis fails to overcome these deficiencies of Feiken. In the Office Action, the 
Examiner cites to column 8, line 62 through column 9, line 12 in support of the 
assertion that Ellis teaches the feature of simultaneous classification, as recited in 
independent claims 46 and 64. Applicants respectfully disagree with the Examiner's 
understanding of Ellis. 

Ellis describes a system and method for maintaining multiple simultaneous 
cryptographic sessions using a distributed computing environment. In Ellis, a client 
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connects and authenticates itself to a main server. (Ellis, 7:23-25.) If the main server 

has insufficient resources to service the session with the client, the main server 

instructs one or more agent servers to wake up and participate in a multiparty key 

exchange between the client, main server, and agent. (Ellis, 7:25-34.) The main 

server notifies the client and agent server(s) of the correct cipher to use for the session 

and any special information such as special ciphers for the different types of 

communications formats. (Ellis, 7:47-51.) The client and agent independently 

generate a session key to exchange data and then the client begins encrypting session 

communications with the agent using key and information from the main server. 

(Ellis, 7:53-57.) Thus, in Ellis, the key and cipher information is communicated to the 

client and agent from the main server prior to the transmission of packets from the 

client to the agent. 

In the discussion of FIG. 5 A referenced by the Examiner, Ellis describes the 
handling of tunneling packets at the Gateway. Specifically, Ellis states that the 
"Gateway then strips the GATEWAY HEADER+ AGENT HEADER 5A30 and 
preappends an AGENT ID IP HEADER 5 A60 for a packet composed of output 
packet 5A50." (Ellis, 8:63-66.) Modifying routing information in the header of a 
packet is not equivalent to determining security association information. As described 
above, Ellis distributes key materials prior to any transmission of a packet through the 
gateway. 

Accordingly, the combination of Feiken and Ellis fails to teach or suggest "a 
classification module in the device that determines security association information 
associated with each data packet in a plurality of data packets associated with a data 



-5 - 



KRISHNA et al 
Appl. No. 09/610,722 
Atty. Docket: 1875.4310002 



flow between a source and destination, wherein the classification module is 
configured to determine the security association information for the plurality of data 
packets simultaneously," as recited in independent claim 46 and "receiving, in the 
device, at least a portion of a header for each data packet in a plurality of data packets 
associated with a data flow between a source and destination; simultaneously 
determining security association information associated with each data packet in the 
plurality of data packets in the data flow," as recited in independent claim 64. 

Based on the above, Applicants respectfully request that the rejection of 
independent claims 46 and 64 as allegedly being obvious over Feiken and Ellis be 
reconsidered and withdrawn. Accordingly, Applicants respectfully request the 
rejection of dependent claims 47-63 and 65-70 be withdrawn as well. 

The U.S. Patent and Trademark Office is hereby authorized to charge any fee 
deficiency, or credit any overpayment, to our Deposit Account No. 19-0036. 
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Sterne, Kessler, Goldstein & Fox p.l.l.c. 




Irdri A. Gordon 
Attorney for Applicants 
Registration No. 50,633 



Date: ^torc^/ij s^aoo^ 



1 100 New York Avenue, N.W. 
Washington, D.C. 20005-3934 
(202)371-2600 



899115_1.DOC 



